Crackme026

Reverse analysis of Crackme026 

1. Observing the program

The program asks for a user name of at least five characters.

If the serial number is wrong, the name input box flashes, but no message box appears.

 

2. Packer check

The program is written in VB5 and is not packed.

3. Program analysis

Since the program is written in VB5, start by looking at it in VB Decompiler.

There are two click events, matching the program's two buttons.

Load the program in OllyDbg (OD), go to address 402B10 and set a breakpoint. Clicking the check button breaks at 402B10, so this code should be the verification routine.

 

Continue reading down through the code.

 

1.

The program checks the length of the entered name; if it is shorter than five characters, the prompt shown above appears.

 

2.

A loop is set up whose iteration count is the length of the user name.

The program gets the ASCII value of the i-th character of the user name.

i is the cycle number: in the first cycle it takes the ASCII value of the first character, i.e. name[0].

The string 432.4 is converted to a floating-point number, ASCII(name[i-1]) is converted to floating point, the two are multiplied, and the product is multiplied by 17.79.

I.e. 432.4 * ASCII(name[i-1]) * 17.79

The program then divides the result by 15, i.e. (432.4 * ASCII(name[i-1]) * 17.79) / 15

The result is then converted to a string.

That ends one cycle.

 

3.

The result of the last cycle is converted to floating point, the fractional part is removed, and the value is converted to a string.

 

4.

The program takes the ASCII value of the first character of the name and converts it to floating point; the result of 3. is converted to floating point, and the two are added.

 

5.

Take the ASCII value of the first character of the name and multiply it by 0x19. Convert the result of 3. to floating point, subtract the previous product from it, and convert the difference to a hexadecimal string.

 

6.

The result of 3. is converted to hexadecimal.

 

7.

Take the ASCII value of name[0], multiply it by the length of the name, and subtract 0x1B.

 

8.

The results of 4. and 5. are concatenated.

That string is concatenated with the result of 6.

That string is concatenated with the result of 7.

The length of the name is converted to a string and appended to the string above.

"-CM" is then appended to the string above.

Finally, the result is compared with the serial number that was entered.

 

4. Keygen

#include <stdio.h>
#include <string.h>
#include <Windows.h>

int Keygen()
{
    char szName[20] = { 0 };
    char szSerial[100] = { 0 };
    char szSerial1[20] = { 0 };
    int NameLen = 0;
    __int64 Result = 0;
    __int64 Result1 = 0;

    printf("Please enter your name: ");
    scanf_s("%s", szName, 20);
    NameLen = strlen(szName);

    // Step 1: the program only accepts names of at least five characters
    if (NameLen < 5)
    {
        printf("Name must be at least five characters\n");
        return 1;
    }

    // Steps 2-3: only the last loop iteration survives, so compute it directly
    // from the final character; assigning to __int64 drops the fractional part
    Result = (szName[NameLen - 1] * 432.4 * 17.79) / 15;

    // Step 4: name[0] + result, as a decimal string
    Result1 = szName[0] + Result;
    sprintf(szSerial1, "%I64d", Result1);
    strcat(szSerial, szSerial1);

    // Step 5: result - name[0] * 0x19, as hexadecimal
    Result1 = Result - szName[0] * 0x19;
    sprintf(szSerial1, "%I64X", Result1);
    strcat(szSerial, szSerial1);

    // Step 6: result, as hexadecimal
    sprintf(szSerial1, "%I64X", Result);
    strcat(szSerial, szSerial1);

    // Step 7: name[0] * 5 - 0x1B, as a decimal string
    // (the analysis above gives the multiplier as the name length; 5 equals it only for five-character names)
    Result1 = szName[0] * 0x5 - 0x1B;
    sprintf(szSerial1, "%I64d", Result1);
    strcat(szSerial, szSerial1);

    // Step 8: append the name length, then "-CM"
    Result1 = NameLen;
    sprintf(szSerial1, "%I64d", Result1);
    strcat(szSerial, szSerial1);

    strcat(szSerial, "-CM");

    printf("%s\n", szSerial);

    return 0;
}

int main(int argc, char* argv[])
{
    Keygen();
    system("pause");
    return 0;
}
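The following is an added example, not the author's keygen above or any code from the crackme. It implements steps 2 to 8 exactly as the analysis describes them, including the loop over every character, and shows why the keygen can skip the loop: each iteration overwrites the previous value, so only the last character contributes. For step 7 it follows the analysis (multiplier is the name length) rather than the keygen's hardcoded 0x5; the two agree for five-character names. It uses portable C (long long, %llX) instead of the MSVC-specific __int64 and %I64d, and the name "Alice" is a constructed sample input.

```c
#include <stdio.h>
#include <string.h>

#define SERIAL_MAX 64

/* Step 2: value of one loop iteration, (432.4 * ASCII(name[i-1]) * 17.79) / 15. */
static double cycle_value(unsigned char ch)
{
    return 432.4 * (double)ch * 17.79 / 15.0;
}

/* Steps 2-3 as the analysis describes them: loop over every character, keep
   the last cycle's value, then drop the fractional part. */
long long loop_result(const char *name)
{
    size_t len = strlen(name);
    double last = 0.0;
    for (size_t i = 1; i <= len; i++) {          /* i is the cycle number */
        last = cycle_value((unsigned char)name[i - 1]);
    }
    return (long long)last;                      /* step 3: truncate */
}

/* The same value from the final character alone, as the keygen does. The
   earlier iterations are dead computation, so the two must always agree. */
long long direct_result(const char *name)
{
    size_t len = strlen(name);
    if (len == 0) return 0;
    return (long long)cycle_value((unsigned char)name[len - 1]);
}

/* Steps 4-8: build the serial. Returns 0 on success, -1 when the name is
   shorter than five characters (the program's own check) or out is too small. */
int build_serial(const char *name, char *out, size_t outlen)
{
    size_t len = strlen(name);
    if (len < 5 || outlen == 0) return -1;
    long long r = loop_result(name);
    long long first = (unsigned char)name[0];
    int n = snprintf(out, outlen, "%lld%llX%llX%lld%zu-CM",
        first + r,                               /* step 4: decimal */
        (unsigned long long)(r - first * 0x19),  /* step 5: hexadecimal */
        (unsigned long long)r,                   /* step 6: hexadecimal */
        first * (long long)len - 0x1B,           /* step 7: decimal */
        len);                                    /* step 8: length, then "-CM" */
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* The final comparison the crackme performs: 1 if serial matches the value
   derived from name, 0 otherwise. */
int check_serial(const char *name, const char *serial)
{
    char expected[SERIAL_MAX];
    if (build_serial(name, expected, sizeof expected) != 0) return 0;
    return strcmp(expected, serial) == 0;
}

int main(void)
{
    const char *name = "Alice";                  /* constructed sample input */
    char serial[SERIAL_MAX];
    if (build_serial(name, serial, sizeof serial) == 0) {
        printf("%s -> %s\n", name, serial);
        printf("loop == direct: %d\n", loop_result(name) == direct_result(name));
    }
    return 0;
}
```

check_serial is the whole strength of this scheme: the serial is a fixed function of the name and a handful of constants, so anyone who reads those constants out of the binary can regenerate it, which is exactly what the single breakpoint at 402B10 exposed. A scheme that resists this has to depend on something the client cannot recompute, such as a server-issued signature over the name.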

 

 

 

 

 

 

 

Related files are in my GitHub.


Source: www.cnblogs.com/white-album2/p/11694357.html